---
layout: docs
page_title: 'nomad login command reference'
description: |
  The `nomad login` command uses OpenID Connect (OIDC) to authenticate a user with a single sign-on (SSO) provider. Nomad creates an access control list (ACL) token after successful authentication.
---

# `nomad login` command reference

The `login` command is used to log in to an SSO provider and exchange the third
party credentials for a newly minted Nomad ACL token.

## Usage

```plaintext
nomad login [options]
```

The login command will exchange the provided third party credentials with the
requested auth method for a newly minted Nomad ACL token.

## Options

- `-method`: The name of the ACL auth method to log in via. If the cluster
  administrator has configured a default, this flag is optional.

- `-oidc-callback-addr`: The address to use for the local OIDC callback server.
  This should be given in the form of `<IP>:<PORT>` and defaults to
  `localhost:4649`.

- `-json`: Output the ACL token in JSON format.

- `-t`: Format and display the ACL token using a Go template.

## Examples

Login using an OIDC provider:

```shell-session
$ nomad login -method=auth0
Successfully logged in via OIDC and auth0

Accessor ID  = 68123fee-1e8b-7ecc-5b34-505ecd2dcb80
Secret ID    = a47ed236-5a51-cadf-2ad0-4cd0fd5bc393
Name         = OIDC-auth0
Type         = client
Global       = false
Create Time  = 2023-01-12 14:13:04.863238 +0000 UTC
Expiry Time  = 2023-01-12 14:23:04.863238 +0000 UTC
Create Index = 30
Modify Index = 30
Policies     = [node-read]

Roles
ID                                    Name
ac9d4281-2079-aadb-6740-625f4ed156d8  engineering

$ export NOMAD_TOKEN=a47ed236-5a51-cadf-2ad0-4cd0fd5bc393
$ nomad ...
```

## General options

@include 'general_options_no_namespace.mdx'
